What is claimed: 

1 1. A method of improving security processing in a computing network, comprising steps of: 

2 providing security processhig in an operating system kernel; 

3 providing an application program which makes use of the operating system kernel during 

4 execution; 

5 providing security policy information; 

6 executing the application program; and 

7 selectably securing at least one communication of the executing application program using 

8 D the provided security processing in the operating system kernel, under conditions specified by the 
9U security policy information. 

2. The method according to Claim 1 , wherein the security policy information is stored in a 
2fy security repository. 

ill 'i 

3 

3 . The method according to Claun 2, wherein the security policy information is usable for 
2 more than one executing application program, 

1 4. The method according to Claim 1 , wherein the conditions include network addresses. 

1 5, The method according to Claim 4, wherein the network addresses specify one or more of 

2 server addresses and destination addresses. 
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1 6. The method according to Claim 4, wherein the network addresses include ranges of 

2 source addresses and/or ranges of destination addresses. 

1 7. The method according to Claim 1, wherein the conditions include one or more port 

2 numbers and/or one or more port number ranges. 

1 8. The method according to Claim 1 , wherein the conditions include one or more job names. 

1 S 9. The method according to Claim 1, wherein the conditions include one or more client 

2 a identifiers. 

\^ 10. The method according to Claim 1, further comprising the step of checking the secinity 

2En policy information when the executing application program establishes a connection, and v^rein 

3| ji the selectably securing step communicates on that connection according to a result of the 

4M checking step, 

1 11. The method accordmg to Claim 1 , whereby communications fi-om the executing 

2 application program may be secured even though the provided application program has no code 

3 for security processing. 

1 12. The method according to Claim 1, wherein the provided application program includes 

2 invocation of one or more security directives, and further comprising the step of executing, during 

RSW920010221US1 -61- 



3 



execution of the provided application program, one or more of the invoked security directives. 



1 13. The method according to Claim 1, wherein, when a result of evaluating the security policy 

2 information so indicates, the selectably securing step th^eby secures only some sockets of a port. 

1 14. The method according to Claim 1, wherein the provided security processing operates in a 

2 Transmission Control Protocol layer of the operating system kernel 

it! 15. The method according to Claim 1 , wherein the provided security processing implements 

C3 

2 'R Secure Sockets Layer. 

iffl 16. The method according to Claim 1 , wherein the provided security processing implements 

2J5! Transaction Layer Security. 

iC 17. A system for hnproving security processing in a computing network, comprising: 

2 means for performing security processing in an operating system kernel; 

3 security policy mformation specifying one or more conditions under which the means for 

4 performing security processing is to be activated; 

5 means for executing an application program which makes use of the operating system 

6 kernel during execution; and 

7 means for selectably securing, according to the conditions specified by the security policy 

8 information, at least one communication of the executing application program using the means for 
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9 performing security processing. 

1 1 8. A computer program product for improving security processing in a computing network, 

2 the computer program product embodied on one or more computer-readable media and 

3 comprising: 

4 computer-readable program code means for performing security processing in an 

5 operating system kernel; 

6 computer-readable program code means for accessing security policy information, the 
72 security policy information specifying one or more conditions under which the computer-readable 
8^^ program code means for performing security processing is to be activated; 

9h computer-readable program code memis for executing an application program which 

10=^ makes use of the operating system kernel during execution; and 
1 li^ computer-readable program code means for selectably securing, according to the 

ii fl 

1^-4 conditions specified by the security policy information, at least one communication of the 

1 3 executing application program using the computer-readable program code means for performing 

14 security processing. 
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